Hi Shabe, :-)
I followed your instructions, and my computer is running super fast. Here is the information you requested, thank you for helping me. Hope it worked.
ComboFix 09-06-09.06 - Churchmouse 06/09/2009 19:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.262 [GMT -4:00]
Running from: c:\documents and settings\Churchmouse\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Churchmouse\Application Data\FunWebProducts
c:\documents and settings\Churchmouse\Application Data\FunWebProducts\Data\Churchmouse\avatar.dat
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\mwsoestb.dll.vzr
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0001AEF8
c:\program files\MyWebSearch\bar\Cache\032233F3.bin
c:\program files\MyWebSearch\bar\Cache\03223701.bin
c:\program files\MyWebSearch\bar\Cache\032237DB.bin
c:\program files\MyWebSearch\bar\Cache\032238D5.bin
c:\program files\MyWebSearch\bar\Cache\0BF8FD54
c:\program files\MyWebSearch\bar\Cache\0BF90311.bin
c:\program files\MyWebSearch\bar\Cache\0BF91030.bin
c:\program files\MyWebSearch\bar\Cache\0BF91CC3.bin
c:\program files\MyWebSearch\bar\Cache\0BF91D9D.bin
c:\program files\MyWebSearch\bar\Cache\0BF91EE6.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\setting2.htm.bak
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\windows\Tasks\efkvcvsc.job
c:\windows\wiaserviv.log
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-07 20:52 . 2009-06-07 20:52 -------- d-----w- c:\program files\Trend Micro
2009-06-07 13:01 . 2009-06-07 13:01 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 23:06 . 2008-07-29 21:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 13:06 . 2008-07-29 21:41 -------- d-----w- c:\program files\Spyware Doctor
2009-06-09 04:01 . 2009-06-09 04:01 0 ----a-w- c:\windows\system32\oyisofil.tmp
2009-06-09 02:36 . 2009-04-16 02:50 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-06-07 13:39 . 2006-03-24 22:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-06 16:32 . 2009-04-26 20:38 -------- d-----w- c:\program files\LimeWire
2009-05-13 23:47 . 2009-02-13 23:47 63488 --sha-w- c:\windows\system32\fonatege.exe
2009-05-11 22:42 . 2009-02-11 22:42 65024 --sha-w- c:\windows\system32\fidofepu.exe
2009-05-04 21:38 . 2006-05-17 20:56 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-28 22:16 . 2009-04-28 22:16 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 18:28 . 2009-04-26 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-26 18:28 . 2008-07-20 18:51 -------- d-----w- c:\program files\iTunes
2009-04-26 18:27 . 2009-04-26 18:23 -------- d-----w- c:\program files\Common Files\Apple
2009-04-26 18:26 . 2009-04-26 18:26 -------- d-----w- c:\program files\Bonjour
2009-04-26 18:25 . 2009-04-26 18:25 -------- d-----w- c:\program files\QuickTime
2009-04-26 18:21 . 2009-04-26 18:21 -------- d-----w- c:\program files\Apple Software Update
2009-04-26 18:18 . 2008-08-05 10:53 22598975 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-04-26 17:53 . 2008-07-20 18:52 -------- d-----w- c:\documents and settings\Churchmouse\Application Data\Apple Computer
2009-04-20 04:46 . 2009-02-24 22:46 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-04-20 04:46 . 2009-02-24 22:46 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-04-20 04:46 . 2009-02-24 22:45 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-04-20 04:46 . 2009-02-24 22:45 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-04-20 04:46 . 2009-04-01 03:42 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-04-13 03:32 . 2009-04-13 03:32 -------- d-----w- c:\documents and settings\Churchmouse\Application Data\MSNInstaller
2009-04-12 01:43 . 2009-04-12 01:43 86528 ----a-w- c:\windows\bnetunin.exe
2009-04-12 01:43 . 2009-04-12 01:43 61440 ----a-w- c:\windows\diabunin.exe
2009-04-11 14:32 . 2009-04-11 14:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-11 14:06 . 2004-11-26 16:54 -------- d-----w- c:\documents and settings\Joe Bernhard\Application Data\Aim
2009-04-11 14:03 . 2009-04-11 13:53 -------- d-----w- c:\documents and settings\Joe Bernhard\Application Data\ErrorRepairTool
2009-04-10 22:16 . 2009-01-10 22:16 63488 --sha-w- c:\windows\system32\kaduhaki.exe
2009-04-09 09:57 . 2009-01-09 09:57 61440 --sha-w- c:\windows\system32\bodonope.exe
2009-04-08 21:00 . 2009-01-08 21:00 61440 --sha-w- c:\windows\system32\tasurizo.exe
2009-04-07 03:56 . 2009-01-07 03:56 61440 --sha-w- c:\windows\system32\hemenozu.exe
2009-04-07 03:56 . 2009-01-07 03:56 103936 --sha-w- c:\windows\system32\vulaloji.dll.vir
2009-04-05 02:41 . 2009-04-05 02:41 45056 ----a-w- c:\documents and settings\Joe Bernhard\Application Data\Sun\Java\Deployment\cache\6.0\6\1b458086-1a39e335-n\winflash.dll
2009-04-05 02:41 . 2009-04-05 02:41 27648 ----a-w- c:\documents and settings\Joe Bernhard\Application Data\Sun\Java\Deployment\cache\6.0\51\10a671b3-5e5b3f7b-n\draghelp.dll
2009-04-04 14:53 . 2009-01-04 14:53 61440 --sha-w- c:\windows\system32\kogujiru.exe
2009-04-04 02:53 . 2009-01-04 02:53 61440 --sha-w- c:\windows\system32\kowatapi.exe
2009-04-03 00:45 . 2009-03-22 01:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-03 00:39 . 2009-04-03 00:39 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-04-02 20:53 . 2009-01-02 20:53 61440 --sha-w- c:\windows\system32\honomige.exe
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-01 02:02 . 2009-01-01 02:02 105984 --sha-w- c:\windows\system32\wudiyopi.dll.vir
2009-03-31 14:02 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\hokozoli.exe
2009-03-29 00:58 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\yumafofa.exe
2009-03-28 13:01 . 1601-01-01 00:12 61440 --sha-w- c:\windows\system32\marokeru.exe
2009-03-26 19:23 . 2009-04-26 18:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 19:23 . 2009-04-26 18:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 09:47 . 1601-01-01 00:12 103936 --sha-w- c:\windows\system32\peritohu.dll.vir
2009-03-24 23:15 . 1601-01-01 00:12 107008 --sha-w- c:\windows\system32\vewaboji.dll.vir
2009-03-22 01:58 . 2009-03-22 01:58 503808 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\msvcp71.dll
2009-03-22 01:58 . 2009-03-22 01:58 348160 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\msvcr71.dll
2009-03-22 01:58 . 2009-03-22 01:58 499712 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-27aa25d4-n\jmc.dll
2009-03-22 01:41 . 2009-03-22 01:41 152576 ----a-w- c:\documents and settings\Churchmouse\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-20 08:49 . 1601-01-01 00:12 107520 --sha-w- c:\windows\system32\dusatalo.dll.vir
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 20:59 . 1601-01-01 00:12 105984 --sha-w- c:\windows\system32\bigitita.dll.vir
2009-03-12 21:00 . 2009-03-12 21:00 2713 --sh--w- c:\windows\system32\nawugeli.dll
2009-02-09 22:02 . 2009-02-09 22:02 2713 --sh--w- c:\windows\SYSTEM32\davagadu.dll
2009-03-10 20:59 . 2009-03-10 20:59 2713 --sh--w- c:\windows\SYSTEM32\diyahema.dll
2009-03-11 20:59 . 2009-03-11 20:59 2713 --sh--w- c:\windows\SYSTEM32\fohakibi.dll
2009-02-12 08:06 . 2009-02-12 08:06 2713 --sh--w- c:\windows\SYSTEM32\juzoteji.dll
2009-03-07 15:54 . 2009-03-07 15:54 2713 --sh--w- c:\windows\SYSTEM32\kuwalobe.dll
2009-01-08 21:57 . 2009-01-08 21:57 61440 --sha-w- c:\windows\SYSTEM32\modisemi.exe
2009-03-05 00:23 . 2009-03-05 00:23 2713 --sh--w- c:\windows\SYSTEM32\nayuvime.dll
1601-01-01 00:12 . 1601-01-01 00:12 72326 --sha-w- c:\windows\SYSTEM32\sivagami.dll.vir
2009-03-08 14:11 . 2009-03-08 14:11 2713 --sh--w- c:\windows\SYSTEM32\sumonibe.dll
2009-03-11 08:59 . 2009-03-11 08:59 2713 --sh--w- c:\windows\SYSTEM32\tifakapu.dll
2009-03-04 12:23 . 2009-03-04 12:23 2713 --sh--w- c:\windows\SYSTEM32\vumehijo.dll
2009-02-02 00:10 . 2009-02-02 00:10 2713 --sh--w- c:\windows\SYSTEM32\widujuda.dll
2009-02-10 16:24 . 2009-02-10 16:24 2713 --sh--w- c:\windows\SYSTEM32\yubihimo.dll
2009-02-08 02:54 . 2007-10-01 19:26 33069600 --sha-w- c:\windows\SYSTEM32\DRIVERS\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ErrorRepairTool"="c:\program files\ErrorRepairTool\ErrorRepairTool.exe" [2009-04-02 36708352]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
c:\documents and settings\Churchmouse\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-12-25 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157429076\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157429076\\ee\\aolsoftware.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DellSupport\\DSAgnt.exe"=
"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=
"c:\\Program Files\\ErrorRepairTool\\ErrorRepairTool.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsTray.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Diablo\\diablo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/31/2009 11:42 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [2/24/2009 6:45 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [2/24/2009 6:46 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [3/31/2009 11:42 PM 159600]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [11/8/2004 6:57 PM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [11/8/2004 6:57 PM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [11/8/2004 6:57 PM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [11/8/2004 6:57 PM 60416]
S3 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [3/31/2009 11:41 PM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/29/2008 5:41 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [2/24/2009 6:46 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 TMPassthruMP;TMPassthruMP; [x]
S4 ASKService;ASKService; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-06-09 c:\windows\Tasks\ErrorRepairTool Scan.job
- c:\program files\ErrorRepairTool\ErrorRepairTool.exe [2009-04-02 16:22]
.
- - - - ORPHANS REMOVED - - - -
BHO-{55107032-3184-40e1-a409-8859ce1ffc7e} - c:\windows\system32\tukibazi.dll
HKCU-Run-000000af - c:\windows\system32\dojiralo.dll
HKLM-Run-hozogipuyu - c:\windows\system32\zagubura.dll
HKLM-Run-CPMc793aa0c - c:\windows\system32\wafiguvu.dll
HKLM-Run-c4a09990 - c:\windows\system32\popiwoba.dll
HKU-Default-Run-hozogipuyu - c:\windows\system32\telonapi.dll
Notify-vtUooonL - vtUooonL.dll
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://accelerator.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
Trusted Zone: runescape.com
FF - ProfilePath - c:\documents and settings\Churchmouse\Application Data\Mozilla\Firefox\Profiles\u9kidwnw.default\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 19:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
- - - - - - - > 'explorer.exe'(1100)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\browselc.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\IMAPI.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\msiexec.exe
c:\windows\SYSTEM32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-09 19:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 23:38
Pre-Run: 46,922,452,992 bytes free
Post-Run: 48,130,351,104 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
881 --- E O F --- 2009-01-15 14:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:55 PM, on 6/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://accelerator.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://home.bellsouth.net
O15 - Trusted Zone: http://*.runescape.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/be ... eweled.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3313560734
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/fa ... lyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spin ... lashAX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
--
End of file - 6213 bytes